You have probably all heard of GDPR – the General Data Protection Regulation - that comes into effect on 25 May 2018. For those that haven’t, the GDPR is an EU Regulation regarding the collection, storage and processing of personal data. All organisations within EU member states will have to comply with GDPR.

Whilst Leasingham St Andrew’s School has always handled data in line with the 8 principles of the Data Protection Act 1998, it has taken some steps in preparation for GDPR. Following guidance from the Information Commissioner’s Office (ICO) we have:

  • Appointed a Data Protection Officer (DPO). Contact details

  • Carried out an audit of all personal data held about staff, students, parents/carers and community users.

  • Written a new GDPR Policy which will shortly be presented to governors for their approval.

  • Updated Privacy Notices. Click here to view


Consent is one of the lawful bases for processing information. Consent must be freely given, specific and informed, and unambiguous and there must be evidence to show that consent has been given and is current. For this reason, we will be asking parents to renew consent on an annual basis for using their child’s name, voice, image or likeness in various media based productions, such as photographs in this Newsletter, stories in the local Press, photographs in the school Prospectus etc.